Description

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

Remediation

References

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

http://www.securityfocus.com/bid/94221

Related Vulnerabilities

CVE-2013-1571 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2022-24719 Vulnerability in npm package fluture-node

CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership

CVE-2018-3831 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2020-11976 Vulnerability in maven package org.apache.wicket:wicket-core

Severity

High

Classification

CWE-255 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry